Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 15, 2023Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]March 15, 2023Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]March 15, 2023Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 15, 2023Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]March 15, 2023Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]March 15, 2023Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities
May 5, 2021Rewterz Threat Advisory – CVE-2021-1284 – Cisco SD-WAN vManage Software Authentication Bypass Vulnerability
May 6, 2021
Severity
Medium
Analysis Summary
The financially motivated threat gang, referred to as UNC2529, is targeting many organizations in the US and other countries. The group shows professional and experienced coding of their malware and custom lures.
Although two distinct attacks took place at the end of 2020, three new malware families have been employed by the group. The malware is tracked as:
- DOUBLEDRAG
- DOUBLEDROP
- DOUBLEBACK
The phishing messages include links to a malicious website that serves the malware. The targeted organizations are mainly in the business sector, healthcare sector, retail sector, and engineering and manufacturing. In some attacks, weaponized Excel documents are used as a downloader.
The attackers used extensive use of fileless malware and obfuscation to evade detection and the backdoors employed in the attacks are very sophisticated.
“UNC2529 is assessed as capable, professional, and well resourced. The identified wide-ranging targets, across geography and industry, suggests a financial crime motive.” concludes the report which also included indicators of compromise and other technical indicators for the attacks.”
Impact
- Phishing
- Data Breach
Indicators of Compromise
MD5
- 4b32115487b4734f2723d461856af155
- 9e3f7e6697843075de537a8ba83da541
- cc17e0a3a15da6a83b06b425ed79d84c
- 1aeecb2827babb42468d8257aa6afdeb
- 1bdf780ea6ff3abee41fe9f48d355592
- 1f285e496096168fbed415e6496a172f
- 6a3a0d3d239f04ffd0666b522b8fcbaa
- ce02ef6efe6171cd5d1b4477e40a3989
- fa9e686b811a1d921623947b8fd56337
SHA-256
- c388f1fd17f0d2be18ce7f294beccb82cc805a38baab2ebcdf5aff83493b34d9
- ce5e4aaab3c22305c52637e3ebfdc851dda3e60f263cb03ccfe5cdca4c18e9e9
- 1e577b21c6c1c89530dd838961b128a25ea1507f870e03f4406b12f46d99da88
- 86158e1c5d4130a73b9cec9b20858b42a6345fc0267bf099ee431792c897799d
- d5aaec63bf670d653a1e3a79436f73b29e6be88cb65c78db8778b2dd14db8853
- 99a0c3a57918273a370a2e9af1dc967e92846821c2198fcdddfc732f8cd15ae1
- 2989581e8a8e3a756ec9af84ff6692526e440349c668e8636e3d10d452995c95
- b3c94fdf4cf16a7d16484976cf8a4abac6d967a7ce8fa4fe9bde3da6d847792f
- f58a4f2b319297a256f6b2d77237804c15323dd5e72a0e3a4bfc27cdd0bb0b86
- 9d20722758c3f1a01a70ffddf91553b7a380b46b3690d11d8ba4ba3afe75ade0
- 8eada491e7fbd8285407897b678b1a3d480c416244db821cfaca0f27ab27901a
- 7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6
SHA1
- f5807c2946093cc274d20950e3ed9cab10af4e16
- 7c71fcd437cca4c3653f3dad39067bb87abbcf5e
- 51e4a4e6f64fedc7a20921ee578f83be50b0831c
- 653f6938e5521cf70596fc4a3f1d8c8eef21959a
- 90177c060567990e289f746cd126975b9102d675
- 04d6674dbb0b863f0cd963900afce9826c2a488f
- 8306820209e008945315b4e5efd01ba597e4ee0e
- d39142655510cc61f17994489ee9de162bec772a
- 6fd0a05f1273f1a5cb79872c452266b5788fc0f3
URL
- http[:]//p-leh[.]com/update_java[.]dat
- http[:]//clanvisits[.]com/mini[.]dat
- https[:]//towncentrehotels[.]com/ps1[.]dat
- https[:]//klikbets[.]net/admin/client[.]php
- https[:]//lasartoria[.]net/admin/client[.]php
- https[:]//barrel1999[.]com/admin4/client[.]php
- https[:]//widestaticsinfo[.]com/admin4/client[.]php
- https[:]//secureinternet20[.]com/admin5/client[.]php
- https[:]//adsinfocoast[.]com/admin5/client[.]php
Remediation
- Download the latest patches.
- Practice strong security habits and be wary of suspicious emails.
- Install and update antivirus and malware protection software.